Re: [tomcat-native] branch 1.2.x updated: Align default pass phrase prompt with HTTPd

Christopher Schultz Mon, 26 Jun 2023 12:50:48 -0700

Michael,
On 6/26/23 13:11, micha...@apache.org wrote:

This is an automated email from the ASF dual-hosted git repository.


michaelo pushed a commit to branch 1.2.x
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git


The following commit(s) were added to refs/heads/1.2.x by this push:
      new 8049561c8 Align default pass phrase prompt with HTTPd
8049561c8 is described below

commit 8049561c86c3270b86dfd484fd07f1e8627d6b41
Author: Michael Osipov <micha...@apache.org>
AuthorDate: Mon Jun 26 18:05:40 2023 +0200

     Align default pass phrase prompt with HTTPd

I'm close to a -1 on this, ant it entirely comes down to somethingstupid that people should definitely NOT do, but they probably actuallydo: script the injection of a password into the startup process because#securityReasons and their startup process looks specifically for thetext "Enter password".

Think expect(1) or similar being used to enter a password automaticallywhen, really, the password should not be required for an automated process.

I think I'm okay with changing this for 2.x but 1.x is just too set inits ways at this point.


-chris

---
  native/include/ssl_private.h      | 6 +++---
  xdocs/miscellaneous/changelog.xml | 3 +++
  2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/native/include/ssl_private.h b/native/include/ssl_private.h
index b48f7ca84..d90bc1f4b 100644
--- a/native/include/ssl_private.h
+++ b/native/include/ssl_private.h
@@ -171,9 +171,9 @@ extern ENGINE *tcn_ssl_engine;
      || (errnum == X509_V_ERR_CERT_UNTRUSTED) \
      || (errnum == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE))

-#define SSL_DEFAULT_PASS_PROMPT "Some of your private key files are encrypted for security reasons.\n" \

-                                "In order to read them you have to provide the pass 
phrases.\n"         \
-                                "Enter password :"
+#define SSL_DEFAULT_PASS_PROMPT "Some of your private key files are encrypted for 
security reasons.\n" \
+                                "In order to read them you have to provide the pass 
phrases.\n"        \
+                                "Enter pass phrase:"

#define SSL_CIPHERS_ALWAYS_DISABLED ("!aNULL:!eNULL:!EXP:")diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml

index 2f6d3d9a8..c4dd3694b 100644
--- a/xdocs/miscellaneous/changelog.xml
+++ b/xdocs/miscellaneous/changelog.xml
@@ -32,6 +32,9 @@
  </section>
  <section name="Changes in 1.2.38">
    <changelog>
+    <update>
+      Align default pass phrase prompt with HTTPd. (michaelo)
+    </update>
    </changelog>
  </section>
  <section name="Changes in 1.2.37">


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [tomcat-native] branch 1.2.x updated: Align default pass phrase prompt with HTTPd

Reply via email to